"Mooney, Sean K" <sean.k.moo...@intel.com> writes: >> -----Original Message----- >> From: dev [mailto:dev-boun...@openvswitch.org] On Behalf Of Aaron Conole >> Sent: Saturday, August 20, 2016 12:48 AM >> To: dev@openvswitch.org; Ben Pfaff <b...@ovn.org>; Daniele Di Proietto >> <diproiet...@vmware.com> >> Subject: [ovs-dev] [PATCH v4 3/3] netdev-dpdk: Support user-defined >> socket attribs >> >> Currently, when vhost-user server socket devices are created, they inherit >> the >> running umask and uid/gid of the vswitchd process. This leads to >> difficulties when >> using vhost_user consumers (such as qemu). >> >> This patch introduces two new database entries, 'vhost-sock-owner' to set the >> ownership, and 'vhost-sock-perms' to set the permissions bits for all >> vhost_user >> server sockets. > [Mooney, Sean K] will they default to the user and group of the vswitchd > process if > Not set to maintain backwards compatibility?
If the values are unset, then the socket will inherit its permissions and ownership from the umask and effective user/group IDs. This is the same behavior without this patch. >> Signed-off-by: Aaron Conole <acon...@redhat.com> >> --- >> v3->v4: >> * Rebased on upstream, the dev->vhost_id had to move to dev->vhost_server_id >> >> INSTALL.DPDK.md | 8 ++++++++ >> lib/netdev-dpdk.c | 37 +++++++++++++++++++++++++++++++++++++ >> vswitchd/vswitch.xml | 23 +++++++++++++++++++++++ >> 3 files changed, 68 insertions(+) >> >> diff --git a/INSTALL.DPDK.md b/INSTALL.DPDK.md index 30e9258..93bc380 100644 >> --- a/INSTALL.DPDK.md >> +++ b/INSTALL.DPDK.md >> @@ -223,6 +223,14 @@ advanced install guide [INSTALL.DPDK-ADVANCED.md] >> * vhost-sock-dir >> Option to set the path to the vhost_user unix socket files. >> >> + * vhost-sock-owner >> + Option to set the file-system ownership of the vhost_user unix socket >> + files. >> + >> + * vhost-sock-dir >> + Option to set the file-system permissions of the vhost_user unix socket >> + files. >> + >> NOTE: Changing any of these options requires restarting the >> ovs-vswitchd >> application. >> >> diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c index 6d334db..6cac2ea >> 100644 >> --- a/lib/netdev-dpdk.c >> +++ b/lib/netdev-dpdk.c >> @@ -31,6 +31,7 @@ >> #include <sys/stat.h> >> #include <getopt.h> >> >> +#include "chutil.h" >> #include "dirs.h" >> #include "dp-packet.h" >> #include "dpif-netdev.h" 
>> @@ -141,6 +142,10 @@ BUILD_ASSERT_DECL((MAX_NB_MBUF / >> ROUND_DOWN_POW2(MAX_NB_MBUF/MIN_NB_MBUF)) >> * yet mapped to another queue. */ >> >> static char *vhost_sock_dir = NULL; /* Location of vhost-user sockets */ >> +static char *vhost_sock_def_owner = NULL; /* Default owner of vhost-user >> + * sockets */ static char >> +*vhost_sock_def_perms = NULL; /* Default permissions of >> + * vhost-user sockets */ >> >> #define VHOST_ENQ_RETRY_NUM 8 >> #define IF_NAME_SZ (PATH_MAX > IFNAMSIZ ? PATH_MAX : IFNAMSIZ) @@ - >> 889,6 +894,30 @@ get_vhost_id(struct netdev_dpdk *dev) } >> >> static int >> +vhost_set_permissions(struct netdev_dpdk *dev) OVS_REQUIRES(dpdk_mutex) >> +{ >> + int err = 0; >> + >> + /* ovs_kchown and ovs_kchmod are robust enough to deal with null or >> + * empty strings. However, since they have the potential to race, >> + * only attempt them if the user actually requested a change. */ >> + >> + if (vhost_sock_def_owner && >> + (err = ovs_kchown(dev->vhost_server_id, vhost_sock_def_owner))) { >> + VLOG_ERR("dpdk: vhost-user socket (%s) ownership change failed >> (%s).", >> + dev->vhost_server_id, ovs_strerror(err)); >> + } >> + >> + if (!err && vhost_sock_def_perms && >> + (err = ovs_kchmod(dev->vhost_server_id, vhost_sock_def_perms))) { >> + VLOG_ERR("dpdk: vhost-user socket (%s) permissions failed (%s).", >> + dev->vhost_server_id, ovs_strerror(err)); >> + } >> + return err; >> +} >> + >> + >> +static int >> netdev_dpdk_vhost_construct(struct netdev *netdev) { >> struct netdev_dpdk *dev = netdev_dpdk_cast(netdev); @@ -932,10 +961,14 >> @@ >> netdev_dpdk_vhost_construct(struct netdev *netdev) >> err = netdev_dpdk_init(netdev, -1, DPDK_DEV_VHOST); >> } >> >> + if (!err) { >> + err = vhost_set_permissions(dev); >> + } >> ovs_mutex_unlock(&dpdk_mutex); >> return err; >> } >> >> + >> static int >> netdev_dpdk_construct(struct netdev *netdev) { 
@@ -3363,6 +3396,10 @@ >> dpdk_init__(const struct smap *ovs_other_config) >> } else { >> vhost_sock_dir = sock_dir_subcomponent; >> } >> + process_vhost_flags("vhost-sock-owner", NULL, NAME_MAX, >> ovs_other_config, >> + &vhost_sock_def_owner); >> + process_vhost_flags("vhost-sock-perms", NULL, NAME_MAX, >> ovs_other_config, >> + &vhost_sock_def_perms); >> >> argv = grow_argv(&argv, 0, 1); >> argc = 1; >> diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index >> 69b5592..257edd8 >> 100644 >> --- a/vswitchd/vswitch.xml >> +++ b/vswitchd/vswitch.xml >> @@ -299,6 +299,29 @@ >> </p> >> </column> >> >> + <column name="other_config" key="vhost-sock-owner" >> + type='{"type": "string"}'> >> + <p> >> + Specifies the owner of the vhost-user unix domain socket files. >> + </p> >> + <p> >> + The default is to inherit from the running user and group id's. >> The >> + argument is specified in the same form as the 'chown' unix >> utility. >> + </p> >> + </column> >> + >> + <column name="other_config" key="vhost-sock-perms" >> + type='{"type": "string"}'> >> + <p> >> + Specifies the permissions for the vhost-user unix domain socket >> + files. >> + </p> >> + <p> >> + The default is derived from the running mask. The argument is >> + specified in the same form as the 'chmod' unix utility. >> + </p> >> + </column> >> + >> <column name="other_config" key="n-handler-threads" >> type='{"type": "integer", "minInteger": 1}'> >> <p> >> -- >> 2.5.5 >> >> _______________________________________________ >> dev mailing list >> dev@openvswitch.org >> http://openvswitch.org/mailman/listinfo/dev
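
Review bot: the second bullet added to INSTALL.DPDK.md is labelled "vhost-sock-dir", but its text describes the permissions option, so the list ends up with two vhost-sock-dir entries and never names vhost-sock-perms. The bullet should read "* vhost-sock-perms" to match the key read in dpdk_init__() and documented in vswitch.xml.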
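
Review bot: in vhost_set_permissions() the owner and mode are changed by path (dev->vhost_server_id) only after the socket already exists, so until ovs_kchown() and ovs_kchmod() have both returned the socket still carries the umask-derived mode and the vswitchd uid/gid, which matters whenever vhost-sock-perms is tighter than what the umask gives. The comment says the calls "have the potential to race" without saying what the race is; please state the window there and in vswitch.xml so operators know the setting is applied after creation. The second log message reads "permissions failed" where "permissions change failed" would match the first.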
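
Review bot: in netdev_dpdk_vhost_construct() a failure from vhost_set_permissions() is returned as the construct error after netdev_dpdk_init() has already succeeded, and nothing in the hunk undoes that initialisation or removes the socket, which at that point may have had its owner changed but not its mode. Either tear the device down on this path or note why the caller's cleanup is sufficient. The blank line added before netdev_dpdk_construct(), like the doubled blank line before netdev_dpdk_vhost_construct() in the previous hunk, is stray whitespace.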
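
Review bot: in dpdk_init__() both strings are stored as given, bounded only by NAME_MAX (a file-name length, which is not an obvious limit for an owner spec or a mode string), and nothing in the hunk checks that they parse. A typo in vhost-sock-owner or vhost-sock-perms therefore only surfaces later, as a VLOG_ERR and a failed construct for every vhost-user port. Consider validating both values once here and logging the rejected value at init time.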
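
Review bot: the vswitch.xml text for vhost-sock-perms says the default is derived from "the running mask", which should say umask, and "id's" in the vhost-sock-owner entry should be "IDs". Neither entry says more about the accepted syntax than "same form as" chown or chmod, and neither repeats the restart requirement that INSTALL.DPDK.md notes; since these two keys decide which local users can open the vhost-user sockets, the accepted forms and the restart requirement belong in the column text.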
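
The default described in the reply above (an unset option leaves the socket with its umask-derived mode) next to the change-after-creation approach of the patch, as an added C example that is not part of the patch or of Open vSwitch. The helper socket_mode_demo(), the /tmp path and the mode values are constructed for illustration, and plain chmod(2) stands in for the patch's ovs_kchmod().

```c
#define _DEFAULT_SOURCE 1   /* mkdtemp() under strict -std= modes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: bind a unix socket in a private temp directory under
 * umask `mask`, then chmod(2) it to `perms` unless perms < 0 ("unset").
 * *at_bind receives the mode the socket had before any chmod; the return
 * value is the final mode, or -1 on error. */
int socket_mode_demo(mode_t mask, int perms, mode_t *at_bind)
{
    char dir[] = "/tmp/vhost-demo-XXXXXX";      /* constructed sample path */
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    struct stat st;
    int fd, final = -1;
    mode_t old;

    if (!mkdtemp(dir)) { return -1; }
    snprintf(sa.sun_path, sizeof sa.sun_path, "%s/vhost0", dir);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    old = umask(mask);                           /* process-wide setting */
    if (fd >= 0 && !bind(fd, (struct sockaddr *) &sa, sizeof sa)
        && !stat(sa.sun_path, &st)) {
        *at_bind = st.st_mode & 07777;           /* mode peers see first */
        if ((perms < 0 || !chmod(sa.sun_path, (mode_t) perms))
            && !stat(sa.sun_path, &st)) {
            final = st.st_mode & 07777;
        }
    }
    umask(old);
    if (fd >= 0) { close(fd); }
    unlink(sa.sun_path);
    rmdir(dir);
    return final;
}

int main(void)
{
    mode_t seen = 0;
    int final = socket_mode_demo(022, -1, &seen);     /* option unset */
    printf("unset: at bind %04o, final %04o\n", (unsigned) seen, (unsigned) final);
    final = socket_mode_demo(022, 0660, &seen);       /* perms requested */
    printf("0660:  at bind %04o, final %04o\n", (unsigned) seen, (unsigned) final);
    return 0;
}
```

In the second case the socket exists with its inherited mode before the requested one takes effect, so a stricter setting does not cover the interval between creation and the chmod.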